diff options
| author | Corinna Vinschen <corinna@vinschen.de> | 2008-08-14 18:05:04 +0400 |
|---|---|---|
| committer | Corinna Vinschen <corinna@vinschen.de> | 2008-08-14 18:05:04 +0400 |
| commit | 88797e5979c906e8bb5b181e4c2511b8b79b5818 (patch) | |
| tree | 1c40f694b610a1aa5330c429febb9adc68416662 /winsup/cygwin/security.cc | |
| parent | 56d81795705a67bef7e1e5fa934a2109e34b316f (diff) | |
* external.cc (cygwin_internal): Call set_security_attribute with
additional path_conv argument.
* fhandler.cc (fhandler_base::open): Ditto.
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Never set DOS
R/O attribute when using ACLs.
(fhandler_disk_file::mkdir): Ditto. Set
security descriptor on remote dirs after creating the dir, same as in
fhandler_base::open.
* fhandler_socket.cc (fhandler_socket::bind): Ditto for remote AF_LOCAL
socket files.
* path.cc (symlink_worker): Ditto. for remote symlinks.
* security.cc (alloc_sd): Take additional path_conv argument.
Accommodate throughout. Drop setting FILE_WRITE_EA/FILE_READ_EA
flags unconditionally (was only necessary for "ntea"). Don't set
FILE_READ_ATTRIBUTES and FILE_WRITE_ATTRIBUTES unconditionally on
Samba. Add comment to explain. Drop useless setting of
STANDARD_RIGHTS_WRITE, it's in FILE_GENERIC_WRITE anyway.
Remove FILE_READ_ATTRIBUTES bit from FILE_GENERIC_EXECUTE so as not
to enforce read permissions on Samba.
(set_security_attribute): Take additional path_conv argument.
* security.h (set_security_attribute): Change prototype accordingly.
Diffstat (limited to 'winsup/cygwin/security.cc')
| -rw-r--r-- | winsup/cygwin/security.cc | 32 |
1 files changed, 18 insertions, 14 deletions
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index b4c7caf2c..5d9846abc 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -380,7 +380,7 @@ add_access_denied_ace (PACL acl, int offset, DWORD attributes, } static PSECURITY_DESCRIPTOR -alloc_sd (__uid32_t uid, __gid32_t gid, int attribute, +alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, security_descriptor &sd_ret) { BOOL dummy; @@ -462,28 +462,31 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute, size_t acl_len = sizeof (ACL); int ace_off = 0; - /* Construct allow attribute for owner. */ + /* Construct allow attribute for owner. + Don't set FILE_READ/WRITE_ATTRIBUTES unconditionally on Samba, otherwise + it enforces read permissions. Same for other's below. */ DWORD owner_allow = STANDARD_RIGHTS_ALL - | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA; + | pc.fs_is_samba () + ? 0 : (FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES); if (attribute & S_IRUSR) owner_allow |= FILE_GENERIC_READ; if (attribute & S_IWUSR) owner_allow |= FILE_GENERIC_WRITE; if (attribute & S_IXUSR) - owner_allow |= FILE_GENERIC_EXECUTE; + owner_allow |= FILE_GENERIC_EXECUTE & ~FILE_READ_ATTRIBUTES; if (S_ISDIR (attribute) && (attribute & (S_IWUSR | S_IXUSR)) == (S_IWUSR | S_IXUSR)) owner_allow |= FILE_DELETE_CHILD; /* Construct allow attribute for group. */ - DWORD group_allow = STANDARD_RIGHTS_READ - | FILE_READ_ATTRIBUTES | FILE_READ_EA; + DWORD group_allow = STANDARD_RIGHTS_READ | + (pc.fs_is_samba () ? 0 : FILE_READ_ATTRIBUTES); if (attribute & S_IRGRP) group_allow |= FILE_GENERIC_READ; if (attribute & S_IWGRP) - group_allow |= STANDARD_RIGHTS_WRITE | FILE_GENERIC_WRITE; + group_allow |= FILE_GENERIC_WRITE; if (attribute & S_IXGRP) - group_allow |= FILE_GENERIC_EXECUTE; + group_allow |= FILE_GENERIC_EXECUTE & ~FILE_READ_ATTRIBUTES; if (S_ISDIR (attribute) && (attribute & (S_IWGRP | S_IXGRP)) == (S_IWGRP | S_IXGRP) && !(attribute & S_ISVTX)) @@ -491,13 +494,13 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute, /* Construct allow attribute for everyone. */ DWORD other_allow = STANDARD_RIGHTS_READ - | FILE_READ_ATTRIBUTES | FILE_READ_EA; + | (pc.fs_is_samba () ? 0 : FILE_READ_ATTRIBUTES); if (attribute & S_IROTH) other_allow |= FILE_GENERIC_READ; if (attribute & S_IWOTH) - other_allow |= STANDARD_RIGHTS_WRITE | FILE_GENERIC_WRITE; + other_allow |= FILE_GENERIC_WRITE; if (attribute & S_IXOTH) - other_allow |= FILE_GENERIC_EXECUTE; + other_allow |= FILE_GENERIC_EXECUTE & ~FILE_READ_ATTRIBUTES; if (S_ISDIR (attribute) && (attribute & (S_IWOTH | S_IXOTH)) == (S_IWOTH | S_IXOTH) && !(attribute & S_ISVTX)) @@ -682,13 +685,13 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute, } void -set_security_attribute (int attribute, PSECURITY_ATTRIBUTES psa, +set_security_attribute (path_conv &pc, int attribute, PSECURITY_ATTRIBUTES psa, security_descriptor &sd) { psa->lpSecurityDescriptor = sd.malloc (SECURITY_DESCRIPTOR_MIN_LENGTH); InitializeSecurityDescriptor ((PSECURITY_DESCRIPTOR)psa->lpSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION); - psa->lpSecurityDescriptor = alloc_sd (geteuid32 (), getegid32 (), + psa->lpSecurityDescriptor = alloc_sd (pc, geteuid32 (), getegid32 (), attribute, sd); } @@ -702,7 +705,8 @@ set_file_attribute (HANDLE handle, path_conv &pc, { security_descriptor sd; - if (!get_file_sd (handle, pc, sd) && alloc_sd (uid, gid, attribute, sd)) + if (!get_file_sd (handle, pc, sd) + && alloc_sd (pc, uid, gid, attribute, sd)) ret = set_file_sd (handle, pc, sd); } else |